From 003d84a60abed6178526a3be43fb27c8c20006ae Mon Sep 17 00:00:00 2001
From: LSZ <zhao@idsmanager.com>
Date: Tue, 24 May 2016 23:43:37 +0800
Subject: [PATCH] Update oauth2 config

---
 .../sos/config/ServletInitializer.java        | 29 ++++++++++-------
 .../sos/config/WebSecurityConfigurer.java     | 32 +++++++++++++------
 .../web/controller/OAuthRestController.java   |  4 +++
 3 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
index cf341c4..0ee1db5 100644
--- a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
+++ b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
@@ -2,11 +2,8 @@ package com.monkeyk.sos.config;
 
 import com.monkeyk.sos.web.filter.CharacterEncodingIPFilter;
 import com.opensymphony.sitemesh.webapp.SiteMeshFilter;
-import org.springframework.util.ClassUtils;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 import org.springframework.web.filter.DelegatingFilterProxy;
-import org.springframework.web.servlet.support.AbstractDispatcherServletInitializer;
+import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
 import org.springframework.web.util.Log4jConfigListener;
 
 import javax.servlet.ServletContext;
@@ -21,7 +18,7 @@ import javax.servlet.ServletException;
  *
  * @author Shengzhao Li
  */
-public class ServletInitializer extends AbstractDispatcherServletInitializer {
+public class ServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
 
 
     @Override
@@ -58,15 +55,25 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
 
     }
 
+//    @Override
+//    protected WebApplicationContext createRootApplicationContext() {
+//        return createServletApplicationContext();
+//    }
+//
+//    @Override
+//    protected WebApplicationContext createServletApplicationContext() {
+//        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+//        context.scan(ClassUtils.getPackageName(getClass()));
+//        return context;
+//    }
+
     @Override
-    protected WebApplicationContext createRootApplicationContext() {
-        return createServletApplicationContext();
+    protected Class<?>[] getRootConfigClasses() {
+        return new Class[]{ContextConfigurer.class, WebSecurityConfigurer.class, OAuth2ServerConfig.class};
     }
 
     @Override
-    protected WebApplicationContext createServletApplicationContext() {
-        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
-        context.scan(ClassUtils.getPackageName(getClass()));
-        return context;
+    protected Class<?>[] getServletConfigClasses() {
+        return new Class[]{WebMvcConfigurer.class};
     }
 }
diff --git a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
index 65f6f44..756475a 100644
--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@@ -30,6 +30,7 @@ import org.springframework.security.oauth2.provider.request.DefaultOAuth2Request
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 import org.springframework.security.oauth2.provider.vote.ScopeVoter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import javax.sql.DataSource;
 import java.util.Arrays;
@@ -49,10 +50,19 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
     @Autowired
     private UserService userService;
 
+
+    @Autowired
+    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userService);
+//        auth.inMemoryAuthentication().withUser("marissa").password("koala").roles("USER").and().withUser("paul")
+//                .password("emu").roles("USER");
+    }
+
+
     @Override
     public void configure(WebSecurity web) throws Exception {
-        web.expressionHandler(new OAuth2WebSecurityExpressionHandler());
         web.ignoring().antMatchers("/resources/**");
+        web.expressionHandler(new OAuth2WebSecurityExpressionHandler());
     }
 
     @Override
@@ -67,20 +77,22 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 
         http.authorizeRequests()
                 .antMatchers("/oauth/**").hasAnyRole("ROLE_USER", "ROLE_UNITY", "ROLE_MOBILE")
-                .antMatchers("/**").anonymous()
+//                .antMatchers("/**").anonymous()
                 .and()
                 .exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=2")
                 .and()
-                .csrf().disable()
-                .formLogin().loginPage("/login.jsp")
-                .failureUrl("/login.jsp?authentication_error=1")
-                .defaultSuccessUrl("/index.jsp")
-                .loginProcessingUrl("/login.do")
-                .and()
-                .logout().logoutUrl("/logout.do")
+                .csrf()
+                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
+                .disable()
+                .logout()
+                .logoutUrl("/logout.do")
                 .logoutSuccessUrl("/index.jsp")
                 .and()
-                .anonymous();
+                .formLogin()
+                .loginProcessingUrl("/login.do")
+                .failureUrl("/login.jsp?authentication_error=1")
+                .loginPage("/login.jsp")
+                .defaultSuccessUrl("/index.jsp");
 
 
     }
diff --git a/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java b/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
index 1a3dae0..7f779e7 100644
--- a/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
+++ b/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
@@ -16,6 +16,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.http.ResponseEntity;
@@ -59,7 +60,10 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
 
     @Autowired
     private ClientDetailsService clientDetailsService;
+
+    // consumerTokenServices,defaultAuthorizationServerTokenServices
     @Autowired
+    @Qualifier("defaultAuthorizationServerTokenServices")
     private AuthorizationServerTokenServices tokenServices;
     @Autowired
     private AuthorizationCodeServices authorizationCodeServices;